SECUNIA ADVISORY ID:
SA21260
VERIFY ADVISORY:http://secunia.com/advisories/21260/CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Security Images 3.x (component for Joomla)
http://secunia.com/product/11186/DESCRIPTION:
Drago84 has discovered some vulnerabilities in the Security Images
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.
Input passed to the "mosConfig_absolute_path" parameter is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.
Affected files:
administrator/components/com_securityimages/configinsert.php
administrator/components/com_securityimages/lang.php
Successful exploitation requires that "register_globals" is enabled.
The vulnerabilities have been confirmed in version 3.0.5. Other
version may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".
PROVIDED AND/OR DISCOVERED BY:
Drago84
ORIGINAL ADVISORY:http://milw0rm.com/exploits/2083

GET LASTEST UPDATE

SOCIAL MEDIA

The Joomla!® name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.JoomlaCorner.com is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project